Delete Temporary Internet Files in All User Profiles

Yesterday one of my Citrix Servers was running low on disk space, and I realised that temporary Internet files in various user profiles were using up a lot of disk space. Looking for an easy way to clear these out of all profiles I came across the icsweep utility from Ctrl-Alt-Del. This is a fantastic tool that can be used to delete temp files and/or temporary Internet files from all user profiles that are not currently in use. To assess how much space is being used by these files simply run:

icsweep /SIZE

To delete temporary Internet files only run:

icsweep /TIF

and to delete temp files only run:

icsweep /TMP

Both temporary Internet files and temp files can be deleted by running:

icsweep /ALL

Installing or Renewing a 2048 bit SSL Certificate on Citrix Access Essentials/Xenapp Fundamentals

I had to renew a 2048 bit Godaddy SSL certificate on a Citrix Access Essentials server today. This article on the Citrix knowledgebase explains how to install the certificate in Quick Start, but is a bit light on detail for the IIS part so I thought I would document it here.

Firstly you need to generate a certificate request or renewal request on the Citrix Access Essentials or Xenapp Fundamentals external website in IIS manager. Right click the website and choose ‘properties’, then click on the  ‘Directory Security’ tab. In the ‘Secure Communications’ section click on the ‘Server Certificate’ button, and the server certificate wizard will start. Click Next, and the following screen will appear:

Creating the renewal or certificate request

In this case I was renewing the existing 2048 bit certificate, so selected ‘renew the current certificate’ and clicked next. On the next screen choose ‘prepare the request now but send it later:

Preparing the request

Finish the wizard, and save the request for processing with your SSL provider. In this case the provider is Godaddy, but the process will be similar for other providers. Log into Godaddy, select the certificate you want to renew (assuming you have already purchased the renewal credit), and choose ‘Request Certificate’ .

Requesting a new certificate using Godaddy

   

On the next screen select ‘Third Party or Dedicated Server, and then paste the contents of the certificate request that you generated in IIS into the CSR field as shown:

Processing the CSR with Godaddy

Submit the request and then wait for Godaddy to process it, completing any necessary domain control, or other validation processes that may be required. Once the certificate processing is complete, download your new certificate from Godaddy. If this is the first time you have installed a Godaddy certificate on the server you will also need to install intermediate certificates that come in the zip file on your server. Further documentation on this can be found on the Godaddy website here.

Next install the new certificate using IIS manager. Again, right click the Citrix external website and choose ‘Properties’, then click on the ‘Directory Security’ tab. In the ‘Secure Communications’ section click on the ‘Server Certificate’.  In the wizard choose ‘process the pending request and install the certificate’.

Processing the pending certificate request in IIS

Browse to the new certificate .crt file you downloaded from Godaddy and click next. You may need to select ‘All files’ to view this file.  

Now the next screen can cause a bit of a gotcha. By default the wizard wants to choose standard SSL port 443 to install this certificate on. If you select this port it will conflict with Citrix and cause an error message when accessing the website after installing the certificate. Make sure you select a different port in the wizard, such as 444 to prevent a conflict with Citrix Access Essenstials, then click ‘Next’.

Select an SSL port other than 443, such as 444 in the wizard to prevent a conflict with Citrix

Failure to change the port will result in the error ‘Bad Gateway! The proxy server received an invalid response from the upstream server. Error 502’, which can be seen below:

Error message when installing new SSL certificate on Citrix Access Essentials/Xenapp Fundamentals Bad Gateway error 502

Review the final screen, and complete the wizard. Finally, run up the Citrix quick start tool and choose ‘Manage External Access’, under the ‘External Access’ section. From here you can choose the new certificate to use with Citrix Access Essentials. These steps are documented in the Citrix document. After that you’re done!

Citrix Error: Event ID 1004 “faulting application XTE.exe, version 4.5.0.64631”

The other day I installed the Citrix Hotfix Rollup PSE450W2K3R07 on one of our Citrix servers. Shortly after this I was alerted to an issue where sessions were disconnected, so I checked the event log and noticed the following error:

Event ID: 1004, Source: Application Error

Reporting queued error: faulting application XTE.exe, version 4.5.0.64631, faulting module ntdll.dll, version 5.2.3790.4937, fault address 0x0004cd12

Event ID 1004 faulting application XTE.exe

On investigation there is an additional hotfix (PSE450R07W2K3027) available on the Citrix website to address this specific issue.

References:

http://support.citrix.com/article/CTX131874

http://forums.citrix.com/thread.jspa?messageID=1611389

Prevent users from connecting to a Citrix server while performing maintenance

Here is a command for preventing users from connecting to a Citrix server while you are performing maintenance or patching. From the command prompt type:

change logon /disable

When you have finished your maintenance, simply run:

change logon /enable

Be aware that this will also stop you from connecting to the server via RDP if you end your session. Rebooting the server resets this command. This command also works for Terminal Server/Remote Desktop Services.

Citrix – The following requested video mode was not available

Recently we received the following error message when accessing Citrix Presentation Server on a few client machines which had had large wide screen monitor upgrades. The application that had been started would also not enter full screen mode.

The following requested video mode was not available: 1920 x 1080 x 24 BPP

The video mode has been set to the following mode: 1847 x 1038 x 24 BPP

Video mode restricted by administrator.

Citrix Error: The following requested video mode was not available

This was due to the fact that not enough memory had been allocated to the graphics for individual client sessions to support the resolution on larger monitors. This can be resolved by modifying the Farm ICA Display settings in the Citrix Access Management Console. Right click on the Farm object in the Citrix Access Management Console and choose ‘Properties’. Then under ‘Server Default’, ICA, click on ‘Display’. Change ‘Maximum memory to use for each sessions’s graphics’ from the default (in my case 5625) to 8192 as shown below:

Changing the 'Maximum memory to use for each session's graphics' setting under Server Default, ICA, Display

After increasing the memory available for each sessions graphics, you should find that Citrix is able to support the higher resolutions OK.